I am a beginner with Group Policy, although over the last few days I have learnt a lot. But I cannot for the absolute life of me make this work and it's starting to make my blood boil.

I am trying to implement local admin accounts across the domain without having to go to each laptop and manually add them as a local admin. I have tried to do this using the Local Groups and Users page both in a new policy and in the default domain policy. Neither works. I followed this guide exactly, even starting fresh several times. I have also tried to implement this using Restricted Groups using this guide and also nothing.

How can I troubleshoot this? Is it possible there is some fundamental lower level problem on the domain controller that causes these instructions not to get distributed?

I use GP Restricted Groups slightly differently. I specify which users and groups are members of the local Administrators group. Works perfectly. It will keep membership to be exactly what you specify, which means that you are adding in what you want, and also removing any users or groups that you do not specifically specify.

LAPS is for managing the local .\administrator account password. OP is talking about managing membership in the .\Administrators group, which is totally separate. Group Policy Restricted Groups is the supported and best solution.

Preface: Please don't use Default Domain Policy for things like this. GPOs should be granular and single-purpose.

If a GPO is not applying, check that a scope is set and that it's also linked to an OU. If the settings within the GPO apply to computers, it needs to be attached to an OU containing computers and the Security Filtering section should contain computers or groups with computers. (Apply USER changes to USERS, and COMPUTER changes to COMPUTERS).

4. Add one computer account in the Security Filtering pane to test with.

5. Link the GPO to the OU that that test computer is in.

This will simplify the testing process, it will simplify troubleshooting, and most importantly it will ensure you don't royally hose your whole domain. Doing anything with a GPO at the top level of the domain without knowing exactly what you're doing is asking for trouble.
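
The scope checks discussed in this thread (computer settings enabled, GPO linked to the OU holding the test computer, computer covered by Security Filtering, resulting local Administrators membership) can be scripted. The following is an added example, not part of any post above; the GPO name and computer name are hypothetical placeholders, and it assumes the RSAT GroupPolicy and ActiveDirectory modules are installed.

```powershell
# Added example: placeholder names below are assumptions, not values from the thread.
Import-Module GroupPolicy, ActiveDirectory

$GpoName      = 'Local Admins - Test'   # hypothetical GPO name
$ComputerName = 'LAPTOP-TEST01'         # hypothetical test computer

# 1. The GPO exists and its computer half is not disabled.
$gpo = Get-GPO -Name $GpoName -ErrorAction Stop
if ([string]$gpo.GpoStatus -in 'AllSettingsDisabled', 'ComputerSettingsDisabled') {
    Write-Warning "Computer settings are disabled on '$GpoName' ($($gpo.GpoStatus))."
}

# 2. The GPO is linked at, or inherited by, the OU that holds the computer.
$computer = Get-ADComputer -Identity $ComputerName
$parent   = $computer.DistinguishedName -replace '^CN=[^,]+,', ''
if ($parent -notlike 'OU=*') {
    # Containers such as CN=Computers cannot have GPOs linked to them.
    Write-Warning "$ComputerName sits in '$parent', which is not an OU."
} else {
    $link = (Get-GPInheritance -Target $parent).InheritedGpoLinks |
        Where-Object DisplayName -eq $GpoName
    if (-not $link)             { Write-Warning "'$GpoName' does not reach $parent." }
    elseif (-not $link.Enabled) { Write-Warning "The link for '$GpoName' is disabled." }
    else                        { "Linked: precedence $($link.Order), enforced=$($link.Enforced)" }
}

# 3. Security Filtering: who holds Apply, and is the computer among them?
#    Only direct group membership is checked; nested groups are not resolved.
$apply  = Get-GPPermission -Name $GpoName -All | Where-Object Permission -eq 'GpoApply'
$groups = @(Get-ADPrincipalGroupMembership -Identity $computer).Name
$hits   = $apply.Trustee.Name | Where-Object {
    $_ -in $groups -or $_ -in 'Authenticated Users', $computer.SamAccountName
}
"Apply permission: $($apply.Trustee.Name -join ', ')"
if (-not $hits) { Write-Warning "$ComputerName is not covered by Security Filtering." }

# 4. Client-side result. Runs only when this script is executed, elevated,
#    on the test computer itself.
if ($env:COMPUTERNAME -eq $ComputerName) {
    gpupdate /target:computer /force
    gpresult /r /scope computer             # GPO should be listed as applied
    Get-LocalGroupMember -SID 'S-1-5-32-544' |   # built-in Administrators group
        Select-Object Name, ObjectClass, PrincipalSource
}
```

Step 4 compares what the policy was supposed to do with what the machine ended up with; with Restricted Groups in the mode described above, any member of the local Administrators group that the policy does not list should be gone after the refresh.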